Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
from ipsilon.providers.common import AuthenticationError, InvalidRequest
from ipsilon.providers.openid.meta import XRDSHandler, UserXRDSHandler
from ipsilon.providers.openid.meta import IDHandler
from ipsilon.providers.common import AuthenticationError, InvalidRequest
from ipsilon.providers.openid.meta import XRDSHandler, UserXRDSHandler
from ipsilon.providers.openid.meta import IDHandler
+from ipsilon.util.policy import Policy
from ipsilon.util.trans import Transaction
from ipsilon.util.user import UserSession
from ipsilon.util.trans import Transaction
from ipsilon.util.user import UserSession
raise cherrypy.HTTPError(e.code, e.msg)
return self._respond(request.answer(False))
raise cherrypy.HTTPError(e.code, e.msg)
return self._respond(request.answer(False))
+ # get attributes, and apply policy mapping and filtering
+ def _source_attributes(self, session):
+ policy = Policy(self.cfg.default_attribute_mapping,
+ self.cfg.default_allowed_attributes)
+ userattrs = session.get_user_attrs()
+ mappedattrs, _ = policy.map_attributes(userattrs)
+ attributes = policy.filter_attributes(mappedattrs)
+ self.debug('Filterd attributes: %s' % repr(attributes))
+ return attributes
+
def _parse_request(self, **kwargs):
request = None
try:
def _parse_request(self, **kwargs):
request = None
try:
ad = {
"Trust Root": request.trust_root,
}
ad = {
"Trust Root": request.trust_root,
}
- userattrs = us.get_user_attrs()
+ userattrs = self._source_attributes(us)
for n, e in self.cfg.extensions.available().items():
data = e.get_display_data(request, userattrs)
self.debug('%s returned %s' % (n, repr(data)))
for n, e in self.cfg.extensions.available().items():
data = e.get_display_data(request, userattrs)
self.debug('%s returned %s' % (n, repr(data)))
identity=identity_url,
claimed_id=identity_url
)
identity=identity_url,
claimed_id=identity_url
)
- userattrs = session.get_user_attrs()
+ userattrs = self._source_attributes(session)
for _, e in self.cfg.extensions.available().items():
resp = e.get_response(request, userattrs)
if resp is not None:
for _, e in self.cfg.extensions.available().items():
resp = e.get_response(request, userattrs)
if resp is not None:
self.debug(req)
if req is None:
return {}
self.debug(req)
if req is None:
return {}
- data = userdata['_extras'].get('cla', [])
+ data = userdata.get('_extras', {}).get('cla', [])
return cla.CLAResponse.extractResponse(req, data)
def _display(self, request, userdata):
return cla.CLAResponse.extractResponse(req, data)
def _display(self, request, userdata):
'enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
'enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
+ pconfig.MappingList(
+ 'default attribute mapping',
+ 'Defines how to map attributes before calling extensions',
+ [['*', '*']]),
+ pconfig.ComplexList(
+ 'default allowed attributes',
+ 'Defines a list of allowed attributes, applied after mapping',
+ ['*']),
def enabled_extensions(self):
return self.get_config_value('enabled extensions')
def enabled_extensions(self):
return self.get_config_value('enabled extensions')
+ @property
+ def default_attribute_mapping(self):
+ return self.get_config_value('default attribute mapping')
+
+ @property
+ def default_allowed_attributes(self):
+ return self.get_config_value('default allowed attributes')
+
def get_tree(self, site):
self.init_idp()
self.page = OpenID(site, self)
def get_tree(self, site):
self.init_idp()
self.page = OpenID(site, self)